The widespread use of the Internet and computing/communication devices has led to an explosive growth in the electronic dissemination of information. However, verifiable control over the recipient(s) of secure information remains an important issue in the field of cyber security. Moreover, recipients of information can also become sources of sensitive information where real-time knowledge of the identity of such a source can be an important security issue. An example of this situation is knowledge of the identity of an individual entering credit card (or other account) information during the process of making an online purchase. Present-day techniques commonly used to remotely identify the recipients or sources of secure information are readily susceptible to deception. In the United States, identity theft affects approximately fifteen million individuals each year with an estimated financial impact of $50 billion. Additionally, it has been noted by the security industry that the average cost of a data breach per organization is now $3.79 million, a cost which has risen annually. New research suggests the global cost of a data breach may reach $2.1 trillion by 2019. The global cost estimate is set to increase to almost four times the estimated cost for 2015, and the average cost per organization is expected to exceed $150 million by 2020.
According to the research, the increase in data breach costs is associated with the rapid digitization of consumer and enterprise records, driving an increase in cybercrime. In the past year, the “cybercrime as business” model has become more commonplace, with more off-the-shelf products and large cybercrime organizations driving attacks for corporate data. The research suggests that the majority of these breaches will come from existing information technology (IT) and network infrastructure, including mobile devices, connected devices, smart devices, buildings embedded with electronics, software, sensors, actuators, and network connectivity that enables these objects to collect and exchange data.
Further complicating this is the rapid evolution of how a user interacts with the Internet and the services available, coupled with internet fraud and user identity theft or compromise. New methods of nonrepudiation (e.g. acceptance by having authority) need to be developed and implemented. In a general sense, nonrepudiation involves associating actions or changes to a unique individual. In a secure facility, for example, nonrepudiation would be violated if it were not also a strictly enforced policy to prohibit sharing of the key cards and to immediately report lost or stolen cards. Otherwise, who performed the action of opening the door cannot be accurately determined. Similarly, for computer accounts, the individual owner of the account must not allow others to use that account, especially, for instance, by giving away their account's password, and a policy should be implemented to enforce this. This prevents the owner of the account from denying actions performed by the account.
Regarding digital security, the cryptological meaning and application of nonrepudiation shifts to mean:
a. A service that provides proof of the integrity and origin of data.
b. An authentication that can be asserted to be genuine with high assurance.
Proof of data integrity is typically the easiest of these requirements to accomplish. A data hash, such as SHA-2, is usually sufficient to establish that the likelihood of data being undetectably changed is extremely low. Even with this safeguard, it is still possible to tamper with data in transit, either through a man-in-the-middle attack or phishing. Due to this flaw, data integrity is best asserted when the recipient already possesses the necessary verification information. The most common method of asserting the digital origin of data is through digital certificates, a form of public key infrastructure, to which digital signatures belong. Note that the public key scheme is generally not used for encryption in this form. Confidentiality is not achieved by signing a message with a private key (since anyone can obtain the public key to reverse the signature). Verifying the digital origin means that the certified/signed data can be, with reasonable certainty, trusted to be from somebody who possesses the private key corresponding to the signing certificate. If the key is not properly safeguarded by the original owner, digital forgery can become a major concern.
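The point above about in-transit tampering can be shown concretely. The following is an added example, not part of the original document: it compares a SHA-256 digest that travels with the message against two cases where the recipient already possesses the verification information, a digest obtained in advance and an HMAC under a pre-shared key. The HMAC variant, the function names, the sample messages and the key are assumptions chosen for illustration.

```python
import hashlib
import hmac

def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()

def send_with_bare_digest(message: bytes) -> tuple[bytes, str]:
    # The digest travels alongside the message on the same channel.
    return message, sha256_hex(message)

def send_with_hmac(message: bytes, key: bytes) -> tuple[bytes, str]:
    # The tag depends on a key the recipient already holds.
    return message, hmac.new(key, message, hashlib.sha256).hexdigest()

def tamper_in_transit(packet: tuple[bytes, str], new_message: bytes) -> tuple[bytes, str]:
    # Constructed in-path modification: the body is replaced and the
    # unkeyed digest is recomputed to match it. No key is known here.
    return new_message, sha256_hex(new_message)

def verify_bare_digest(packet: tuple[bytes, str]) -> bool:
    message, digest = packet
    return hmac.compare_digest(sha256_hex(message), digest)

def verify_pinned_digest(packet: tuple[bytes, str], pinned: str) -> bool:
    # Ignores the digest in the packet; trusts only the one held in advance.
    message, _ = packet
    return hmac.compare_digest(sha256_hex(message), pinned)

def verify_hmac(packet: tuple[bytes, str], key: bytes) -> bool:
    message, tag = packet
    expected = hmac.new(key, message, hashlib.sha256).hexdigest()
    return hmac.compare_digest(expected, tag)

def demo() -> dict:
    original = b"pay 100 to account 1111"   # constructed sample data
    altered = b"pay 100 to account 9999"    # constructed sample data
    key = b"constructed-pre-shared-key"     # assumption: shared out of band
    pinned = sha256_hex(original)           # assumption: obtained out of band
    bare = tamper_in_transit(send_with_bare_digest(original), altered)
    keyed = tamper_in_transit(send_with_hmac(original, key), altered)
    return {
        "bare_digest_accepts_tampered": verify_bare_digest(bare),
        "pinned_digest_accepts_tampered": verify_pinned_digest(bare, pinned),
        "hmac_accepts_tampered": verify_hmac(keyed, key),
        "hmac_accepts_genuine": verify_hmac(send_with_hmac(original, key), key),
    }

if __name__ == "__main__":
    print(demo())
```

Only the check that relies on a digest delivered with the data accepts the altered message; both checks anchored in information the recipient held beforehand reject it.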
To solve these problems, there is a need to re-think system architectures and roles with a specific view on data security and nonrepudiation of a user's electronic signature (e.g. password), where the authenticity of the signature is being challenged. Systems and methods are disclosed for providing a Persona Credential Engine (PCE) that may be used to eliminate tedious and insecure authentication procedures, such as typing in passwords. The PCE may empower a user to be conveniently authenticated via one or more Facets to achieve any kind of logical or physical access to a device or devices, restricted area, or other such place or thing requiring identity authentication for access. The Persona Credential Engine in some embodiments is multi-dimensional and dynamic. In some embodiments, one or more elements of the key change constantly, rendering the key nearly impossible to crack mathematically. Normal uses of cryptography may apply; however, the system is further safeguarded by the fact that credentials in some embodiments are never static for long periods of time.
So as to reduce the complexity and length of the Detailed Specification, and to fully establish the state of the art in certain areas of technology, Applicant(s) herein expressly incorporate(s) by reference all of the following materials identified in each numbered paragraph below. The incorporated materials are not necessarily “prior art” and Applicant(s) expressly reserve(s) the right to swear behind any of the incorporated materials.
System and Method for Modeling Human Behavior for Use in Identity Verification and Authentication Software, Ser. No. 62/255,973 filed Nov. 16, 2015, which is herein incorporated by reference in its entirety.
Applicant(s) believe(s) that the material incorporated above is “non-essential” in accordance with 37 CFR 1.57, because it is referred to for purposes of indicating the background of the invention or illustrating the state of the art. However, if the Examiner believes that any of the above-incorporated material constitutes “essential material” within the meaning of 37 CFR 1.57(c)(1)-(3), applicant(s) will amend the specification to expressly recite the essential material that is incorporated by reference as allowed by the applicable rules.